From e7a635fb3600055d020d84ae1a5b9bdb3ce5fa06 Mon Sep 17 00:00:00 2001 From: Sakooooo <78461130+Sakooooo@users.noreply.github.com> Date: Thu, 5 Oct 2023 14:25:03 +0400 Subject: [PATCH] sops --- hosts/sakotop/configuration.nix | 2 +- hosts/sakotop/secrets/homelab-cert.yaml | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 hosts/sakotop/secrets/homelab-cert.yaml diff --git a/hosts/sakotop/configuration.nix b/hosts/sakotop/configuration.nix index 1ff1f2cc..26d318a0 100644 --- a/hosts/sakotop/configuration.nix +++ b/hosts/sakotop/configuration.nix @@ -116,7 +116,7 @@ services.xserver.videoDrivers = ["nvidia"]; # homelab - security.pki.certificateFiles = ["/home/sako/homelab.crt"]; + sops.secrets."homelab-cert.pem" = {}; # Enable the OpenSSH daemon. # services.openssh.enable = true; diff --git a/hosts/sakotop/secrets/homelab-cert.yaml b/hosts/sakotop/secrets/homelab-cert.yaml new file mode 100644 index 00000000..f0239bb7 --- /dev/null +++ b/hosts/sakotop/secrets/homelab-cert.yaml @@ -0,0 +1,21 @@ +homelab_cert.pem: ENC[AES256_GCM,data:NwGlxxgE/47zNb/kokc1Rt1dN++C5v79JFQMRFtkHKErCm+ws2Z00+GTOBAj+Tt2JouX/D8SjDKL7B3vD0J7pT4sIA61xLbFaN+drnTvJiSGtM/FmqiKEHjEThyUMf4OczogYcNill/R0Cb4Iw7qUSwT8f2/0LexBXrYl02e7rAEZF78X82gaAwco3e1nDPvk51omKjSMfRiycdZTBT7sjYUmkhR7otaawVOwbnBL6rd+ala66nj8Ig6nLH5jt1tuZQ85ckS5LqMpp76djUUiFlTCCTVRw2AVpVRPdLWjzkWK41RepyMFiucgEGONSVMm9EwZIOrHoNLU9heSjN+VH9dELg4Y1tudTQmZV02zc+yrHYFai9gPT/fKgw+j1JXKR7C5Rurw9JY0933QHicPRgLKyG7JxNowzZnZsTstgKRB72Ye7gUR3s9CaWEKURiBMmDLNW/41EeISe39rRTc4klb2z0gesUrrpGWHWkZJ7TALtF/49JxqT5jdMEt0AQgkKuJUV7h/pI0UxOBRR4MMMbE0IV+vjEOoGiV1xRmW9RNLtwQO2p2dsVxyo9EsgpxYsL1/bcH+TcZ5WmqQZ6htR2D5G7UQUoV247w7W4CVAfQLEthdnFCsFhzA3dOJepBKfJPJv+nVhjIxYxZesSgsCR6UA4bLoIFbUwwrTMbqyhKxK9WLDMsoIi/v7jmHKYoe7B4tRAsx7z/56LaX3wcl0hLzGInx3JX71qXdlD/Zal/63gLBDKGPo+byDQlWC6lO8LBFf+18kzhfzTr848JLHudu03k+g4Qmnjo5hTA0qRcG5feYjq7VxTEei+WPfVvlmUYuprD+QuQc5H0IeQ6ZpuyTcEwJbpTg39onkFLSaYAY/+uDenx4KzRjcfdSJqedGM/hSmnckBZXFHeW6BFkrvODxusQZPq5gkizGP6SK8XAFODFx3M2U9zkhdDTY4+UH42H5X52jndjYhf91f0AtnHYv7jBjZdPxXZgGT989Z/kJD3zHk3XkVN9uVyob6EWmF2AzBRiacpD/cEMg5Gs/pDXTmoa+I36k0jLCOaCL31wIopjUxyocpmReg3jvGHnnNrDWECBPuiClW+egGQla4bL4hRbdvUloqdZeMntiEGQRsOjmgbMoyMfR62CXtIEjZ/CO+MulCWvUAqCdUYh74vGYADnsc03RUFLZ8Ul8NrSXiNK0yEJJ3F4WJvs7WFN+Kpak+U69f8ThZUw1Kird1xlyBBMpssG96zaKgKbM0Rba5I9/zePeXfq2juci0HPlS6/dCL8nsxAzJStNqYJ6/T1nvP25wXJ5ykthMq8V9MyL3+gwG5+Qc1MgJxJPdGpuN/0D5LEGKlfX6968t8+bfL/ZGXOKw7Bj55rUWW05rMDCo2MU3ddDmUmpe8VH3+bmnKcCaUF4xcaURuzZUNMA4V5xtzs9pcAO6i57q+QKK5xRJ/dQ5CvCQ2e3GkQiReAm2wMNXgC/1xSlk8+v42l2cCZLrHQuKz6Hhhs974oJ1Kr1lue7G+dDUBPshM6NTQKQ/Rc8RmLEVg1XeAHEHPXlIUZbz6smca7tTlckMM4AIM//S6MFlftzyJfenWth+MJQ6GGHgjv/bhmNTL5JrCH/rbrOm35S4spMyvB6gNQPj1Cwa/Hxiqq4k41waGwSPcSeZV1j2agnbdfTbF8o5bLlzlrBtdPZXhRnXzHGFvfw+rOApzkonDGEgU3Mkdw==,iv:jamng39UQk9xK4+Uj8QYFrZ+sfcOUQyHCNK8dO20Rgw=,tag:yY5YMqzNyprUGoglnRrKhw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1nhj5fz9cakgd6rrkwpjkndra6fd4rqxgfvcrap5g0anwxgmh4yqspvf22y + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvNWhWTy9PNmgxMngyeHM1 + cENCdjBCWVp4cXM5ZE85ZzVOa0ZvWTEyWGtnCjE2VThuQUNhVFN2dVYxNFZrMkhZ + S0VBQ25ySUNNVng3VXozOWw2QzN0UFkKLS0tIEttSVJnTzVPMHRBV29FZHI5Ulc0 + MUVjQXNsYVM3V1BwMUlPL2sxeE9kVnMKM1tAh5O7qn2o+q+j0AZNqGlLH/90enOJ + /LYnLLWL+kWL92kO8YdTLLmdcR8XMoq9JqGRxHku7q7phhc/ZYvFag== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-05T10:14:21Z" + mac: ENC[AES256_GCM,data:12BTEoMl56c5uggKCaN46qagq428ZP1DAOqpu5ne0H7C7oJMTOvXtZHrLypmp2JnLXnKlqEa3Ca0VUrNotdPTDP6GYAn9J7YWIFEoUqIhV10hTYOlSkAFtMeI4KD0srw99xnUnWNc3wIXHlc/YPdCwxCdMgHXAmLcq/BeIoPQ4I=,iv:/iPreYenymr9KvkWzbpPrZ1japOI6jN5ioPfOTldVY4=,tag:E8JHZB5R/wjTFlqecCrejw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3